-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathschema.sql
More file actions
100 lines (94 loc) · 2.67 KB
/
schema.sql
File metadata and controls
100 lines (94 loc) · 2.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
-- Google Workspace Security Monitoring Agent Database Schema
-- Run with: mysql -u root -p mcp_logs < schema.sql
CREATE TABLE IF NOT EXISTS user_logins (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
ip VARCHAR(45),
latitude DOUBLE,
longitude DOUBLE,
country VARCHAR(100),
region VARCHAR(100),
city VARCHAR(100),
asn VARCHAR(50),
login_time DATETIME,
login_success BOOLEAN DEFAULT TRUE,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
INDEX idx_email (email),
INDEX idx_login_time (login_time)
);
CREATE TABLE IF NOT EXISTS phishing_alerts (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255),
owner_domain VARCHAR(255),
owner_display_name VARCHAR(255),
file_id VARCHAR(128),
file_title TEXT,
file_link VARCHAR(512),
visibility VARCHAR(128),
visibility_change VARCHAR(255),
reason VARCHAR(512),
raw_event JSON,
alerted BOOLEAN DEFAULT TRUE,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
INDEX idx_email (email),
INDEX idx_owner_domain (owner_domain),
INDEX idx_created_at (created_at)
);
CREATE TABLE IF NOT EXISTS security_alerts (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255),
alert_type VARCHAR(100),
details TEXT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
INDEX idx_email (email),
INDEX idx_created_at (created_at)
);
CREATE TABLE IF NOT EXISTS drive_events (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
actor_email VARCHAR(255),
owner_domain VARCHAR(255),
owner_display_name VARCHAR(255),
doc_id VARCHAR(128),
doc_title TEXT,
visibility VARCHAR(128),
event_type VARCHAR(128),
raw_event JSON,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
INDEX idx_actor_email (actor_email),
INDEX idx_created_at (created_at)
);
CREATE TABLE IF NOT EXISTS phishing_emails (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
message_id VARCHAR(255) UNIQUE,
subject VARCHAR(255),
sender_email VARCHAR(255),
sender_display VARCHAR(255),
sender_domain VARCHAR(255),
recipients TEXT,
suspicious_reasons JSON,
share_links JSON,
auth_results TEXT,
snippet TEXT,
message_time DATETIME,
ai_label VARCHAR(64),
ai_confidence FLOAT,
rule_score INT,
phishing_confidence FLOAT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
INDEX idx_sender_email (sender_email),
INDEX idx_message_time (message_time)
);
CREATE TABLE IF NOT EXISTS phishing_ai_training (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
message_id VARCHAR(255),
subject TEXT,
sender_email VARCHAR(255),
sender_domain VARCHAR(255),
body LONGTEXT,
urls JSON,
ai_request JSON,
ai_response JSON,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
processed TINYINT DEFAULT 0,
INDEX idx_message_id (message_id)
);